Enable NAT Gateway for GCP

[jochenehret]

• currently we have to use external IPs for all VMs to enable outgoing traffic (ephemeral_external_ip: true in BOSH cloud-config)
• to avoid allocating a large number of external IPs (and possibly leaving behind cost-incurring orphans), we should use a NAT gateway instead as on other infrastructures
• this basic NAT configuration is taken from the Terraform manual: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_router_nat#example-usage---router-nat-basic

[jochenehret]

I've tested this on a bbl environment with ephemeral_external_ip: false. Deploying CF with bosh deploy finishes successfully. The VMs now only have internal IPs from the 10.0.0.0/16 subnet. Pushing an app however fails because the buildpack cannot be downloaded. Running bbl up again creates the NAT gateway and a router and then outgoing traffic is enabled again. When this change is integrated into bosh-bootloader, we can update the bosh-deployment cloud-config: https://github.com/cloudfoundry/bosh-deployment/blob/10d4205cb6deed266afcd23fa1b66e0c08296254/gcp/cloud-config.yml#L41

Note that I've tested this as a separate Terraform file bbl-config/terraform/nat-gateway.tf.

[jochenehret]

I wasn't sure where to put this... but as indeed most network resources are defined in bosh_director.tf, I'll move it.